Millennium Corporation is hiring a Senior Red Team Operator to work in a hybrid capacity from the Washington DC area. Candidates MUST have a public trust clearance to qualify for consideration.
Responsibilities:
Conduct red team exercises against production IT systems, facilities, and personnel belonging to the AO and the Courts.
Develop and conduct spear phishing campaigns to gain internal network access.
Conduct exploitation of external facing assets to gain internal network access.
Conduct post-exploitation actions towards exercise objectives.
Conduct on-site physical penetration assessments at various federal courthouses and other Court locations in order to obtain access to the internal network.
Use custom code and/or commercial-off-the-shelf (COTS) exploitation frameworks to bypass and penetrate network and system defenses.
Comply with the unique rules of engagement (ROE) that will be provided for each exercise along with the standard operating procedures (SOP) for overall Red Team operations.
Employ red team tradecraft while conducting exercises.
Qualifications:
Minimum 6 years direct, hands-on technical red team and/or government computer network exploitation/attack operations experience (which is to say direct red team operations work and not just that which is in support of red team operations).
Minimum 2 years technical red team and/or government computer network exploitation/attack operations leadership experience (note this is distinct experience from the above and cannot overlap).
Minimum of 3 years of hands-on experience with using modifying and customizing penetration testing and red teaming software frameworks (Cobalt Strike, Kali, etc.) to meet operational requirements.
Minimum of 2 years of independently conducting every phase of a red team exercise on their own without guidance or supervision.
Minimum of 2 year of hands-on experience developing payloads that bypass A/V and EDR solutions for use in various phases of a red team exercise.
Minimum of 2 years mentoring junior and mid-level operators on red team tradecraft and Advanced Knowledge Requirements (that they possess).
Minimum of 2 years of experience in professionally delivering technical red team reports and briefings.
CRTO certification required.
OSCP, OSCE, OSEE, GXPN, and/or GPEN are preferred, but not required.
Additional Qualifications:
Ability to independently conduct every phase of a red team exercise on their own without guidance or supervision.
Hands-on experience developing payloads that bypass A/V and EDR solutions for use in various phases of a red team exercise.
Ability to mentor junior and mid-level operators on red team tradecraft and Advanced Knowledge Requirements (that they possess).
Experience in professionally delivering technical and executive-level red team reports and briefings.